1. To start the process, you send an email to the recipient with put cash@square.com in the CC field and the dollar amount in the subject line. Your email would look something like this:

To: friend@email.com
CC: cash@square.com
Subject: $25

2. The first time you do this, you receive an email from Square with a link to enter your debit card number on the company’s secure website.

3. Your recipient receives a similar email.

4. Once the accounts are registered, the money is transferred, usually within a day or two.

After you send this first email, you no longer have to visit Square’s site, but each new recipient will need to register his or her debit card.

Oh yeah, I forgot one important thing: This is a free service. Square charges nothing for it, although the company reportedly charged 50 cents per transaction during beta tests, according to The Verge.

So what does Square get out of it?

For one thing, Square Cash builds awareness for Square as a company known for simplifying transactions. Square also begins to build a database of email-linked debit card accounts to which it can market other products. Square told Wall Street Journal reviewer Walt Mossberg that the company hopes to monetize Square Cash by offering premium services, such as sending cash internationally.

In terms of security, Square says it has anti-spoofing technology in place to prevent fraud. But, according to the Verge, the company’s not saying how that works:

Square Cash works over email, which raises some pretty obvious questions about security. At first glance, you might assume that an SMTP-spoofing program could convince Square that you’re sending money from an email address that isn’t yours. “When we built the product we were all thinking of the same thing,” says Grassadonia, “but the product is 100 percent secure. Nobody is going to get taken advantage of via spoofing.” Working within the existing structures of email is clever, but could be intimidating for some new users, who will have to take Square on its word. The company declined to provide any details about its anti-spoofing methods.

Square has a page discussing Cash’s security, but it’s also not very specific. The page includes a warning to have a strong password on your email account, because once you link that email account to your debit card, your money is accessible by anyone who can get into your inbox.

You can use Square Cash with any email service, and Square had released iOS and Android apps that work with it. But all they really do is generate the email – you don’t really need them.

This could be a very popular service for those unafraid to give up their debit card numbers to Square and trust in the company’s black-box security processes. It could also serve to undercut Square’s primary business of handling credit-card transactions.

My wife uses the Square Reader in her small business. That’s the small, square card-swiper you plug into the headphone jack of a mobile device. Square charges a percentage on each transaction.

When I told her about Square Cash, she began to wonder if she could use it to accept payments in lieu of credit cards, bypassing the company’s transaction fee. She’d have to get her customers to trust the process, which could be an uphill battle for some.

But the biggest deterrent to business use is a $250-per-week transaction limit. You can upgrade to a $2,500-per-week limit by giving Square more information about yourself, including a mobile phone number for a text-message verification and a Facebook account. (No, Square doesn’t report your transactions to your friends – it just uses Facebook as a verification.) If you don’t use Facebook, you can provide your full name, date of birth and the last four digits of your Social Security Number.